Bugzilla – Full Text Bug Listing

| Summary: | Buffer::Iterator::ReadNtohU16() and Buffer::Iterator::ReadNtohU32 are not implemented correctly | | |
|---|---|---|---|
| Product: | ns-3 | Reporter: | yuecn41 |
| Component: | network | Assignee: | ns-bugs <ns-bugs> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | tomh, tommaso.pecorella |
| Priority: | P5 | | |
| Version: | ns-3-dev | | |
| Hardware: | All | | |
| OS: | All | | |
Description
yuecn41
2015-01-23 02:03:15 EST
Point 2 is not a bug.

Point 1 is worth triple checking.
In ReadNtohU16:
[...]
else if (m_current >= m_zeroEnd)
{
  buffer = &m_data[m_current];
}

In PeekU8:
else // same condition as (m_current >= m_zeroEnd)
{
  uint8_t data = m_data[m_current - (m_zeroEnd-m_zeroStart)];
  return data;
}

This may lead to a past-array reading.

(In reply to Tommaso Pecorella from comment #1)
> Point 2 is not a bug.

I agree, the method returns before m_current is incremented when the slow path processing occurs.

>
> Point 1 is worth triple checking.
> In ReadNtohU16:
> [...]
> else if (m_current >= m_zeroEnd)
> {
> buffer = &m_data[m_current];
> }
>
> In PeekU8:
> else // same condition as (m_current >= m_zeroEnd)
> {
> uint8_t data = m_data[m_current - (m_zeroEnd-m_zeroStart)];
> return data;
> }
>
> This may lead to a past-array reading.

Yes, this fix is needed in both methods:

- buffer = &m_data[m_current];
+ buffer = &m_data[m_current - (m_zeroEnd - m_zeroStart)];

pushed in changeset 11192:441c905aa900
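
Review bot: the `+` line copies the offset expression `m_current - (m_zeroEnd - m_zeroStart)` that PeekU8 already carries, so after applying it "in both methods" the same translation is written out in at least three places. It would be safer to put it in one small helper that all the `m_current >= m_zeroEnd` branches call. A regression test is also worth adding that reads a 16-bit and a 32-bit value located after a non-empty zero area: when `m_zeroEnd == m_zeroStart` the old and new index are identical, so a test without a zero area cannot detect the `-` line's behaviour.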
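
The indexing problem discussed in this thread, as an added example that is not ns-3 source and not part of the original report: a simplified model in which the zero area takes up logical offsets but no storage. The member names `m_data`, `m_current`, `m_zeroStart` and `m_zeroEnd` follow the thread; the struct, the helper names and the sample bytes are assumptions made for illustration.

```cpp
// Added example: simplified model, not ns-3 source. Member names follow the
// thread; the struct, helpers and sample bytes are assumptions.
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

struct ModelIterator {
    std::vector<uint8_t> m_data;  // only real bytes are stored
    uint32_t m_zeroStart;         // logical offset where the unstored zeros begin
    uint32_t m_zeroEnd;           // logical offset just past the zeros
    uint32_t m_current;           // logical read position

    // Index used before the fix: the logical offset, taken as-is.
    size_t IndexBeforeFix() const { return m_current; }

    // Index used after the fix: the zero area occupies no storage, so skip it.
    size_t IndexAfterFix() const { return m_current - (m_zeroEnd - m_zeroStart); }

    // Bounds-checked big-endian 16-bit read for the m_current >= m_zeroEnd
    // branch. Returns false rather than reading outside m_data.
    bool ReadNtohU16At(size_t idx, uint16_t &out) const {
        if (m_current < m_zeroEnd || idx + 2 > m_data.size()) return false;
        out = static_cast<uint16_t>((m_data[idx] << 8) | m_data[idx + 1]);
        return true;
    }
};

// Constructed sample: 4 header bytes, zeroLen virtual zeros, 4 trailer bytes.
// The iterator is positioned on the first trailer byte (0xAB).
ModelIterator MakeSample(uint32_t zeroLen) {
    return ModelIterator{{0x11, 0x22, 0x33, 0x44, 0xAB, 0xCD, 0xEF, 0x01},
                         4u, 4u + zeroLen, 4u + zeroLen};
}

int main() {
    const uint32_t lens[] = {0u, 2u, 100u};
    for (uint32_t len : lens) {
        ModelIterator it = MakeSample(len);
        uint16_t before = 0, after = 0;
        bool okBefore = it.ReadNtohU16At(it.IndexBeforeFix(), before);
        bool okAfter = it.ReadNtohU16At(it.IndexAfterFix(), after);
        std::printf("zeros=%u before=%s 0x%04x after=%s 0x%04x\n",
                    static_cast<unsigned>(len),
                    okBefore ? "ok" : "out-of-range", static_cast<unsigned>(before),
                    okAfter ? "ok" : "out-of-range", static_cast<unsigned>(after));
    }
    return 0;
}
```

With a small zero area the unfixed index stays inside the array and silently returns the wrong bytes; with a large one it falls outside the array, which in unchecked code is the past-array read the thread describes.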